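/// <summary>
/// Releases the chain, the store context and the untrusted-certificate state held
/// by this instance, then forwards to the base implementation.
/// </summary>
/// <param name="disposing">
/// When true, the managed wrappers owned by this instance are disposed; when false
/// only the base implementation runs.
/// </param>
protected override void Dispose(bool disposing)
{
    if (disposing)
    {
        if (chain != null)
        {
            chain.Dispose();
            chain = null;
        }

        if (storeCtx != null)
        {
            storeCtx.Dispose();
            storeCtx = null;
        }

        if (untrustedChain != null)
        {
            untrustedChain.Dispose();
            untrustedChain = null;
        }

        if (untrusted != null)
        {
            foreach (var cert in untrusted)
            {
                cert.Dispose();
            }

            // Clear the reference like the other fields, so a second Dispose call
            // does not walk the collection and dispose the same certificates again.
            untrusted = null;
        }
    }

    base.Dispose(disposing);
}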
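/// <summary>
/// Translates the outcome of a chain verification into the policy errors and the
/// status11 code handed back to the caller.
/// </summary>
/// <remarks>
/// <paramref name="validator"/>, <paramref name="targetHost"/>,
/// <paramref name="serverMode"/> and <paramref name="certificates"/> are not read by
/// this method. On success only <paramref name="status11"/> is written (reset to 0);
/// <paramref name="errors"/> keeps whatever value the caller passed in.
/// </remarks>
void CheckValidationResult(
    ICertificateValidator validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain,
    X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
    bool success, ref MonoSslPolicyErrors errors, ref int status11)
{
    // 0x800B010B is the Windows TRUST_E_FAIL HRESULT (generic trust failure).
    const int TrustFailure = unchecked((int)0x800B010B);

    status11 = 0;
    if (success)
    {
        return;
    }

    errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;

    // Without a requested chain, a store context and a managed chain there is
    // nowhere to record a detailed status, so report the generic failure code.
    if (!wantsChain || storeCtx == null || chain == null)
    {
        status11 = TrustFailure;
        return;
    }

    var error = storeCtx.GetError();

    // Short-circuit && replaces the original non-short-circuit & on two bools;
    // both operands are side-effect-free comparisons, so the result is unchanged.
    //
    // NOTE(review): for OK and CRL_NOT_YET_VALID no chain status is added and
    // status11 stays 0, although errors is already RemoteCertificateChainErrors.
    // Confirm that callers decide on `errors` / the success flag and never treat
    // status11 == 0 alone as "certificate accepted".
    if (error != Mono.Btls.MonoBtlsX509Error.OK && error != Mono.Btls.MonoBtlsX509Error.CRL_NOT_YET_VALID)
    {
        chain.Impl.AddStatus(MapVerifyErrorToChainStatus(error));
        status11 = TrustFailure;
    }
}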
/// <summary>
/// Hands the store context to the configured verification callback.
/// </summary>
/// <param name="preverify_ok">Not consulted; the decision is left to the callback.</param>
/// <param name="ctx">Store context passed through to the callback.</param>
/// <returns>The callback's return value, or 0 when no callback is configured.</returns>
int VerifyCallback(bool preverify_ok, MonoBtlsX509StoreCtx ctx)
{
    if (verifyCallback == null)
    {
        // No callback installed: report 0 rather than inventing a verdict.
        return 0;
    }

    return verifyCallback(ctx);
}
/// <summary>
/// Wraps the store context in a managed chain, validates its first element and
/// reports the verdict as 1 (accepted) or 0 (rejected).
/// </summary>
/// <param name="storeCtx">Store context the managed chain is built from.</param>
/// <returns>1 when ValidateCertificate returned true, otherwise 0.</returns>
int VerifyCallback(MonoBtlsX509StoreCtx storeCtx)
{
    using (var btlsChainImpl = new X509ChainImplBtls(storeCtx))
    {
        using (var wrappedChain = new X509Chain(btlsChainImpl))
        {
            // Element 0 is the certificate handed to validation as the leaf.
            // NOTE(review): indexing throws if the chain has no elements; presumably
            // the store context always carries at least one certificate here.
            var leafCertificate = wrappedChain.ChainElements[0].Certificate;
            bool accepted = ValidateCertificate(leafCertificate, wrappedChain);

            // Set only after ValidateCertificate returned; the flag records that
            // validation ran, not that it succeeded.
            certificateValidated = true;

            if (accepted)
            {
                return 1;
            }

            return 0;
        }
    }
}
/// <summary>
/// Reports a failed verification as a chain error with the generic failure code.
/// </summary>
/// <remarks>
/// Only <paramref name="success"/>, <paramref name="errors"/> and
/// <paramref name="status11"/> are used; on success nothing is written.
/// </remarks>
void CheckValidationResult(
    ICertificateValidator validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain,
    X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
    bool success, ref MonoSslPolicyErrors errors, ref int status11)
{
    if (success)
    {
        return;
    }

    // Every failure collapses into the same pair: no per-error detail is kept.
    status11 = unchecked((int)0x800B010B);
    errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
}
/// <summary>
/// Static entry point that resolves the owning MonoBtlsSslCtx from a GCHandle and
/// forwards the verification request to its instance callback.
/// </summary>
/// <param name="instance">GCHandle value whose target is the owning MonoBtlsSslCtx.</param>
/// <param name="preverify_ok">Preliminary result; non-zero is forwarded as true.</param>
/// <param name="store_ctx">Raw store-context pointer wrapped for the managed callback.</param>
/// <returns>The instance callback's result, or 0 when it threw.</returns>
static int NativeVerifyCallback (IntPtr instance, int preverify_ok, IntPtr store_ctx)
{
    var handle = GCHandle.FromIntPtr (instance);
    var owner = (MonoBtlsSslCtx)handle.Target;

    // NOTE(review): the handle lookup, the cast and the wrapper construction sit
    // outside the try block, so an exception from any of them is not recorded via
    // SetException and leaves this method as a thrown exception.
    using (var wrappedCtx = new MonoBtlsX509StoreCtx (preverify_ok, store_ctx))
    {
        try
        {
            return owner.VerifyCallback (preverify_ok != 0, wrappedCtx);
        }
        catch (Exception ex)
        {
            // Park the exception on the owner and answer 0 instead of throwing.
            owner.SetException (ex);
            return 0;
        }
    }
}
/// <summary>
/// Verifies a native chain against a freshly set-up certificate store.
/// </summary>
/// <param name="chain">Chain to verify.</param>
/// <param name="param">
/// Optional verify parameters; when null none are applied to the store context.
/// </param>
/// <returns>True only when the store context's Verify call returns 1.</returns>
internal static bool ValidateCertificate(MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
{
    using (var trustStore = new MonoBtlsX509Store())
    {
        using (var verifyCtx = new MonoBtlsX509StoreCtx())
        {
            SetupCertificateStore(trustStore);
            verifyCtx.Initialize(trustStore, chain);

            if (param != null)
            {
                verifyCtx.SetVerifyParam(param);
            }

            // Any value other than 1 counts as a failed verification.
            return verifyCtx.Verify() == 1;
        }
    }
}
/// <summary>
/// Builds a chain implementation from a store context: keeps a copy of the
/// context, takes its chain and mirrors its untrusted certificates into the
/// policy's extra store.
/// </summary>
/// <param name="storeCtx">Store context to copy from.</param>
internal X509ChainImplBtls (MonoBtlsX509StoreCtx storeCtx)
{
    // Keep a copy of the context rather than the caller's instance.
    this.storeCtx = storeCtx.Copy ();
    this.chain = storeCtx.GetChain ();

    policy = new X509ChainPolicy ();

    untrustedChain = storeCtx.GetUntrusted ();
    if (untrustedChain == null)
    {
        return;
    }

    untrusted = new X509Certificate2Collection ();
    policy.ExtraStore = untrusted;

    for (int index = 0; index < untrustedChain.Count; index++)
    {
        var nativeCert = untrustedChain.GetCertificate (index);

        // The temporary impl wrapper is disposed once the managed certificate
        // has been created from it.
        using (var wrapper = new X509CertificateImplBtls (nativeCert))
        {
            untrusted.Add (new X509Certificate2 (wrapper));
        }
    }
}
/// <summary>
/// Validates a certificate collection, either by reusing the result stored in an
/// existing chain's store context or by running a fresh verification.
/// </summary>
/// <remarks>
/// When <paramref name="chain"/> is supplied, no verification is run here: the
/// verdict is the VerifyResult already recorded in that chain's store context.
/// On the fresh-verification path CheckValidationResult is always given a null
/// chain, even when a managed chain was just built for the caller.
/// </remarks>
/// <returns>True when the (stored or fresh) verify result equals 1.</returns>
internal override bool ValidateCertificate(
    ICertificateValidator2 validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
    ref MonoSslPolicyErrors errors, ref int status11)
{
    if (chain == null)
    {
        using (var trustStore = new MonoBtlsX509Store())
        using (var btlsChain = MonoBtlsProvider.GetNativeChain(certificates))
        using (var verifyParam = GetVerifyParam(validator.Settings, targetHost, serverMode))
        using (var verifyCtx = new MonoBtlsX509StoreCtx())
        {
            SetupCertificateStore(trustStore, validator.Settings, serverMode);

            verifyCtx.Initialize(trustStore, btlsChain);
            verifyCtx.SetVerifyParam(verifyParam);

            var verifyCode = verifyCtx.Verify();
            bool verified = verifyCode == 1;

            // Hand a managed chain back to the caller only when one was asked for.
            if (wantsChain && chain == null)
            {
                chain = GetManagedChain(btlsChain);
            }

            CheckValidationResult(
                validator, targetHost, serverMode, certificates, wantsChain,
                null, verifyCtx, verified, ref errors, ref status11);
            return verified;
        }
    }

    // A chain was supplied: trust the result recorded in its store context.
    var btlsImpl = (X509ChainImplBtls)chain.Impl;
    bool storedVerdict = btlsImpl.StoreCtx.VerifyResult == 1;

    CheckValidationResult(
        validator, targetHost, serverMode, certificates, wantsChain,
        chain, btlsImpl.StoreCtx, storedVerdict, ref errors, ref status11);
    return storedVerdict;
}
/// <summary>
/// Initializes the chain implementation from a store context: a copy of the
/// context, its chain, a new policy, and (when present) the context's untrusted
/// certificates exposed through the policy's extra store.
/// </summary>
/// <param name="storeCtx">Store context supplying the chain and untrusted set.</param>
internal X509ChainImplBtls(MonoBtlsX509StoreCtx storeCtx)
{
    this.storeCtx = storeCtx.Copy();
    this.chain = storeCtx.GetChain();
    policy = new X509ChainPolicy();
    untrustedChain = storeCtx.GetUntrusted();

    if (untrustedChain != null)
    {
        untrusted = new X509Certificate2Collection();
        policy.ExtraStore = untrusted;

        int position = 0;
        while (position < untrustedChain.Count)
        {
            var entry = untrustedChain.GetCertificate(position);

            // The impl wrapper only lives long enough to construct the managed
            // certificate that is stored in the collection.
            using (var certImpl = new X509CertificateImplBtls(entry))
            {
                untrusted.Add(new X509Certificate2(certImpl));
            }

            position++;
        }
    }
}
/// <summary>
/// Maps the outcome of a chain verification onto policy errors, chain status
/// flags and the status11 code.
/// </summary>
/// <remarks>
/// <paramref name="validator"/>, <paramref name="targetHost"/>,
/// <paramref name="serverMode"/> and <paramref name="certificates"/> are not read.
/// On success only <paramref name="status11"/> is written (reset to 0).
/// </remarks>
void CheckValidationResult(
    ICertificateValidator validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain,
    X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
    bool success, ref MonoSslPolicyErrors errors, ref int status11)
{
    status11 = unchecked((int)0);
    if (success)
    {
        return;
    }

    errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;

    // No chain requested or nothing to inspect: report the generic failure code.
    bool canInspect = wantsChain && storeCtx != null && chain != null;
    if (!canInspect)
    {
        status11 = unchecked((int)0x800B010B);
        return;
    }

    var error = storeCtx.GetError();

    if (error == MonoBtlsX509Error.OK)
    {
        // NOTE(review): verification failed (success == false) yet the policy
        // errors are cleared to None here. Confirm callers still act on the
        // returned success flag and do not treat errors == None as acceptance.
        errors = MonoSslPolicyErrors.None;
    }
    else if (error == MonoBtlsX509Error.CRL_NOT_YET_VALID)
    {
        // Left as a chain error with status11 == 0 and no chain status added.
    }
    else if (error == MonoBtlsX509Error.HOSTNAME_MISMATCH)
    {
        errors = MonoSslPolicyErrors.RemoteCertificateNameMismatch;

        // NOTE(review): a name mismatch is recorded on the chain as UntrustedRoot;
        // verify this mapping is intended, since it hides the real cause from
        // anyone reading only the chain status.
        chain.Impl.AddStatus(X509ChainStatusFlags.UntrustedRoot);
        status11 = unchecked((int)0x800B010B);
    }
    else
    {
        chain.Impl.AddStatus(MapVerifyErrorToChainStatus(error));
        status11 = unchecked((int)0x800B010B);
    }
}
/// <summary>
/// Verifies a native chain against a store set up with the default TLS settings.
/// </summary>
/// <param name="chain">Chain to verify.</param>
/// <param name="param">
/// Optional verify parameters; when null none are applied to the store context.
/// </param>
/// <returns>True only when the store context's Verify call returns 1.</returns>
internal static bool ValidateCertificate(MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
{
    using (var trustStore = new MonoBtlsX509Store())
    {
        using (var verifyCtx = new MonoBtlsX509StoreCtx())
        {
            // Reached from X509Certificate2.Verify() by way of
            // X509CertificateImplBtls.Verify(): there are no caller-supplied
            // settings, so use the defaults and assume client mode (false).
            SetupCertificateStore(trustStore, MonoTlsSettings.DefaultSettings, false);

            verifyCtx.Initialize(trustStore, chain);

            if (param != null)
            {
                verifyCtx.SetVerifyParam(param);
            }

            // Any value other than 1 counts as a failed verification.
            return verifyCtx.Verify() == 1;
        }
    }
}
/// <summary>
/// Runs a verification of the given chain against a newly created, set-up store.
/// </summary>
/// <param name="chain">Chain to verify.</param>
/// <param name="param">
/// Optional verify parameters; skipped when null, leaving the context as initialized.
/// </param>
/// <returns>True only when Verify returns 1.</returns>
internal static bool ValidateCertificate (MonoBtlsX509Chain chain, MonoBtlsX509VerifyParam param)
{
    using (var certStore = new MonoBtlsX509Store ())
    {
        using (var ctx = new MonoBtlsX509StoreCtx ())
        {
            SetupCertificateStore (certStore);
            ctx.Initialize (certStore, chain);

            bool hasParam = param != null;
            if (hasParam)
            {
                ctx.SetVerifyParam (param);
            }

            // Only the exact value 1 is treated as success.
            var verifyCode = ctx.Verify ();
            return verifyCode == 1;
        }
    }
}
/// <summary>
/// Disposes the chain, store context, untrusted chain and both certificate
/// collections held by this instance, clearing each field afterwards, and then
/// calls the base implementation.
/// </summary>
/// <param name="disposing">
/// When false nothing owned by this instance is touched and only the base
/// implementation runs.
/// </param>
protected override void Dispose (bool disposing)
{
    if (disposing)
    {
        if (chain != null)
        {
            chain.Dispose ();
            chain = null;
        }

        if (storeCtx != null)
        {
            storeCtx.Dispose ();
            storeCtx = null;
        }

        if (untrustedChain != null)
        {
            untrustedChain.Dispose ();
            untrustedChain = null;
        }

        // Fields are nulled after disposal so a repeated call skips them.
        if (untrusted != null)
        {
            foreach (var extraCert in untrusted)
            {
                extraCert.Dispose ();
            }
            untrusted = null;
        }

        if (certificates != null)
        {
            foreach (var chainCert in certificates)
            {
                chainCert.Dispose ();
            }
            certificates = null;
        }
    }

    base.Dispose (disposing);
}
/// <summary>
/// Delegates verification to the configured callback, if any.
/// </summary>
/// <param name="preverify_ok">Ignored by this method.</param>
/// <param name="ctx">Store context forwarded to the callback.</param>
/// <returns>The callback's result; 0 when no callback has been configured.</returns>
int VerifyCallback (bool preverify_ok, MonoBtlsX509StoreCtx ctx)
{
    // With no callback installed the answer is always 0.
    return verifyCallback != null ? verifyCallback (ctx) : 0;
}
/// <summary>
/// Validates a certificate collection, reusing the verify result stored in an
/// existing chain's store context when a chain is supplied and running a fresh
/// verification otherwise.
/// </summary>
/// <remarks>
/// With a supplied <paramref name="chain"/> nothing is re-verified here; the
/// verdict is the VerifyResult already held by the chain's store context. On the
/// fresh path CheckValidationResult always receives a null chain, even when a
/// managed chain was just created for the caller.
/// </remarks>
/// <returns>True when the (stored or fresh) verify result equals 1.</returns>
internal override bool ValidateCertificate (
    ICertificateValidator2 validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain, ref X509Chain chain,
    ref MonoSslPolicyErrors errors, ref int status11)
{
    if (chain == null)
    {
        using (var certStore = new MonoBtlsX509Store ())
        using (var peerChain = MonoBtlsProvider.GetNativeChain (certificates))
        using (var verifyParam = GetVerifyParam (targetHost, serverMode))
        using (var ctx = new MonoBtlsX509StoreCtx ())
        {
            SetupCertificateStore (certStore);

            ctx.Initialize (certStore, peerChain);
            ctx.SetVerifyParam (verifyParam);

            var verifyCode = ctx.Verify ();
            bool passed = verifyCode == 1;

            // Build a managed chain for the caller only on request.
            if (wantsChain && chain == null)
            {
                chain = GetManagedChain (peerChain);
            }

            CheckValidationResult (
                validator, targetHost, serverMode, certificates, wantsChain,
                null, ctx, passed, ref errors, ref status11);
            return passed;
        }
    }

    // Chain supplied by the caller: take the verdict recorded in its context.
    var impl = (X509ChainImplBtls)chain.Impl;
    bool recorded = impl.StoreCtx.VerifyResult == 1;

    CheckValidationResult (
        validator, targetHost, serverMode, certificates, wantsChain,
        chain, impl.StoreCtx, recorded, ref errors, ref status11);
    return recorded;
}
/// <summary>
/// Flags a failed verification as a remote chain error and sets the generic
/// failure code; leaves both outputs untouched on success.
/// </summary>
/// <remarks>
/// Only <paramref name="success"/>, <paramref name="errors"/> and
/// <paramref name="status11"/> take part; the remaining parameters are unused.
/// </remarks>
void CheckValidationResult (
    ICertificateValidator validator, string targetHost, bool serverMode,
    X509CertificateCollection certificates, bool wantsChain,
    X509Chain chain, MonoBtlsX509StoreCtx storeCtx,
    bool success, ref MonoSslPolicyErrors errors, ref int status11)
{
    if (success)
    {
        return;
    }

    // One code for every failure; the specific verify error is not surfaced here.
    status11 = unchecked((int)0x800B010B);
    errors = MonoSslPolicyErrors.RemoteCertificateChainErrors;
}